package cn.com.doone.common.uc.infrastructure.ldap;

import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;

import org.apache.shiro.realm.ldap.LdapUtils;
import org.springframework.stereotype.Repository;

import cn.com.doone.common.uc.domain.oauth.IOauthLdapRepository;
import cn.com.doone.common.uc.infrastructure.jdbc.AbstractLdapRepository;
import cn.com.doone.common.uc.utils.PasswordUtils;

@Repository("oauthLdapRepository")
public class OauthLdapRepository extends AbstractLdapRepository implements IOauthLdapRepository {
	
	/**
	 * 修改密码
	 */
	@Override
	public void changePassword(String userAccount, String password) {
		// TODO Auto-generated method stub
		LdapContext ldapContext = null;
        try {
        	ldapContext = ldapContextFactory.getSystemLdapContext();
			
			final SearchControls searchCtls = new SearchControls(SearchControls.SUBTREE_SCOPE, 1, 0, null, false, false); 
			// final SearchControls searchCtls = new SearchControls(); 
            final NamingEnumeration<SearchResult> search = ldapContext.search("DC=doone,DC=com,DC=cn", "(uid=" + userAccount + ")", searchCtls);
            
            if (search.hasMore()) {
                final SearchResult next = search.next();
                
                String fullname = next.getNameInNamespace();
                
                ModificationItem[] mods = new ModificationItem[1];   
    			// 替换
    	        mods[0] = new ModificationItem(LdapContext.REPLACE_ATTRIBUTE, new BasicAttribute("userPassword", password));   
    	        ldapContext.modifyAttributes(fullname, mods);
                
            } 
        } catch (NamingException ne) {
        	ne.printStackTrace();
        } finally {
            LdapUtils.closeContext(ldapContext);
        }
	}
	
	@Override
	public void changePasswordByUserInfoId(String userInfoId,String password) {
		LdapContext ldapContext = null;
        try {
        	ldapContext = ldapContextFactory.getSystemLdapContext();
			
			final SearchControls searchCtls = new SearchControls(SearchControls.SUBTREE_SCOPE, 1, 0, null, false, false); 
			// final SearchControls searchCtls = new SearchControls(); 
            final NamingEnumeration<SearchResult> search = ldapContext.search("DC=doone,DC=com,DC=cn", "(dbid=" + userInfoId + ")", searchCtls);
            
            if (search.hasMore()) {
                final SearchResult next = search.next();
                
                String fullname = next.getNameInNamespace();
                
                ModificationItem[] mods = new ModificationItem[1];   
    			// 替换
    	        mods[0] = new ModificationItem(LdapContext.REPLACE_ATTRIBUTE, new BasicAttribute("userPassword", password));   
    	        ldapContext.modifyAttributes(fullname, mods);
                
            } 
        } catch (NamingException ne) {
        	ne.printStackTrace();
        } finally {
            LdapUtils.closeContext(ldapContext);
        }
	}

	@Override
	public boolean isCorrectPassword(String userAccount, String password) {
		// TODO Auto-generated method stub
		
		LdapContext ldapContext = null;
		try {
			ldapContext = ldapContextFactory.getSystemLdapContext();
			
			final SearchControls searchCtls = new SearchControls(SearchControls.SUBTREE_SCOPE, 1, 0, null, false, false); 
			// final SearchControls searchCtls = new SearchControls(); 
            final NamingEnumeration<SearchResult> search = ldapContext.search("DC=doone,DC=com,DC=cn", "(&(userPassword=" + PasswordUtils.openLdapMD5(password) + ")(uid=" + userAccount + "))", searchCtls);
            
            if (search.hasMore()) {
                /*final SearchResult next = search.next();
                
                String fullname = next.getNameInNamespace();
                ldapContext.addToEnvironment(Context.SECURITY_PRINCIPAL, fullname);
                ldapContext.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
                ldapContext.reconnect(null);*/
                
                return true;
            } else {
            	return false;
            } 
			
			//context was opened successfully, which means their credentials were valid.  Return the AuthenticationInfo:
		} catch (Exception e) {
			return false;
		} finally {
			LdapUtils.closeContext(ldapContext);
		}
		
	}

}
